Antimalware policy settings

Symantec Endpoint Security includes an Antimalware policy that provides Intensive Protection settings plus scan settings and other antimalware feature settings.
Some default scans are included out-of-the-box. A daily scan and weekly scan are enabled by default.
Automatic scans include the following:
  • USB Scan
    Runs when the user logs on. Disabled by default.
    Auto-Protect must be enabled for the USB scan to run.
  • Startup Scan
    Runs when the user logs on. Disabled by default.
  • Defwatch Scan
    Runs when new definitions arrive. Enabled by default.
Antimalware policy settings
Intensity Levels
Scheduled Scan
Scheduled scans can scan any files that exist on your devices. They also protect memory, load points, and other important locations on your devices.
When you create a scan, you can choose whether the Scan Type is an Active Scan, Full Scan, or Custom Scan.
To edit a scan, select the actions menu to the right of the scan and select . The Edit Scan Schedule options appear. You can also create a new scan.
Default scans include a Quarantine scan that is enabled by default. A USB scan is also available but disabled by default.
For scan edit details, see Scheduled scan options.
You should make sure that you run an active scan every day on the computers in your network. You should also run the full scan once a week or once a month if you suspect that you have an inactive threat in your network.
Scans access complete definition sets in the cloud.
Advanced Scheduled Scan Settings
You can configure the following options:
  • Delay scheduled scans when running on batteries
    This option is on by default. You can disable this option to allow scheduled scans to run even when the device is running on batteries.
  • Allow user-defined scheduled scans to run when a scan author is not signed in
    This option is on by default. You might want to disable this option for multiuser devices.
    The scan progress dialog box does not appear on devices when this option is on and the scan author is logged off. The scan author can check the scan log for scan status.
    Additional details for how the scan dialog box appears on devices are as follows:
    • If no users are logged on, the scan progress dialog box does not appear, even if a user logs on during a scan.
    • For the first user to log on, the scan progress dialog box does not appear during a scheduled scan that another user defined.
    • For the first user to log on, the scan progress dialog box appears during a scheduled scan that this user defined. The scan progress dialog box does not appear if the user has not configured the scan to allow it.
    • If an administrator-defined scheduled scan runs when no user is logged on, the scan progress dialog box does not appear. When a user logs on, the scan progress dialog box appears.
User Notification Settings
Show antimalware scan results on the infected device
Enables or disables showing any antimalware scan results on infected devices. Antimalware scans include Auto-Protect scans, scheduled scans, or on-demand scans.
Advanced options for user notification settings:
  • Set scheduled and manual scan results to show
    Specifies what users see on their computers when a scheduled or manual scan is running.
    Does not apply to Auto-Protect.
    You can choose to show only scan results for high and medium risk detections, all detections, or always show scan progress.
  • Display a notification message to the user on infected computer
    When this option is enabled, you can modify the information that should appear when any scan finds a virus or a security risk.
  • Display notifications about detections when the user logs on
    Shows notifications when a user logs on and scans have been running in the background. The option is enabled by default. The administrator can disable this option to have a completely silent application, with no notifications displayed to the user.
Advanced Settings
Shows advanced settings for Auto-Protect and other antimalware features.
Scheduled Scan options
Scan Details
Options for scan details include the following:
  • Enable Scan
    Move the slider to enable or disable the scan.
  • File Types
    You can choose Scan all files or Scan only selected extensions.
    • For selected extensions, you can choose from a list of well-known extensions. You can also add a custom extension. Go to Select Extensions and select the button. After you finish adding extensions, select
    • You can delete any extensions. Use Restore Defaults to restore default extensions. Use Undo Delete to restore any deleted default or custom extensions.
    The extensions option is not available when the option for the scan is set to
  • Folders to be Scanned
    This option is only available for custom scans. You can choose to scan all folders and drives or scan only selected folders. Use Select Folders to select well-known folders.
    You can also scan custom folders. On the
    Select Folders to Scan
    Add custom folder path to scan
    and type the desired folder path. You can add multiple folder paths. Separate the folder paths with semicolons.
These options are only available for administrator-defined or user-defined scheduled scans.
  • Recurrence
    Sets how often the scan runs (daily, weekly, or monthly). For weekly scans, you set the day of the week to run the scan.
  • Time
    Sets the time of day when the scan runs.
  • Scan Duration
    • You can run the scan until it finishes or run the scan up to a specified number of hours.
    • You can choose whether or not to randomize the scan start time when you set the scan duration to a specified number of hours.
  • Missed Scheduled Scans
    You can configure a retry interval for the scan if it does not start or the device is off during the scheduled scan time.
Scan files inside compressed files
This option is enabled by default. You can also set Number of levels to expand if there are compressed files within compressed files.
You might want to change the setting to 1 or 2 levels to reduce scan time.
Scans always scan container files unless you disable this option or create scan exceptions for specific container files.
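The following is an added illustration, not Symantec code and not a description of how the product's scan engine works. It shows what an expansion limit means for nested compressed files, so you can check how deeply the archives on a file share actually nest before you lower the setting to 1 or 2. It assumes that the outermost archive counts as level 1 (the page does not say how the product counts levels); the function names, the size cap, and the sample archive are constructed for the example.

```python
import io
import zipfile

MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap so one huge member cannot exhaust memory

def build_nested_zip(levels: int) -> bytes:
    """Constructed sample: payload.txt wrapped in `levels` zip containers."""
    data, name = b"constructed sample content", "payload.txt"
    for i in range(levels, 0, -1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"level{i}.zip"
    return data

def walk(data: bytes, max_levels: int, level: int = 1, prefix: str = ""):
    """Return (inspected, unexpanded).

    inspected:  members whose content was reached within max_levels.
    unexpanded: nested containers (or oversized members) that were not opened,
                so nothing inside them was looked at.
    """
    inspected, unexpanded = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.file_size > MAX_MEMBER_BYTES:
                unexpanded.append(path)
                continue
            body = zf.read(info)
            if not zipfile.is_zipfile(io.BytesIO(body)):
                inspected.append(path)          # ordinary file: content is reachable
            elif level < max_levels:
                deeper = walk(body, max_levels, level + 1, path + "!")
                inspected += deeper[0]
                unexpanded += deeper[1]
            else:
                unexpanded.append(path)         # container sits below the limit
    return inspected, unexpanded

if __name__ == "__main__":
    sample = build_nested_zip(3)                # three containers deep
    for limit in (1, 2, 3):
        print(limit, walk(sample, limit))
```

Any path in the second list is a container whose contents a limit of that size would leave unexamined under this counting assumption.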
Move the slider to select the type of tuning for the scan.
  • Best Scan Performance
    Optimizes the performance of the scans that run on the device. Scans take less time to complete, but other applications may run more slowly during scans. For devices with four or more CPUs, use this option for the best overall performance.
  • Balanced Performance
    Balances scan performance and the performance of other applications that run during scans.
  • Best Application Performance
    Optimizes the performance of other applications that are running on the device. Scans take longer to complete, but other applications on the device might perform better during a scan.
    • When this option is set, scans can start but they only run when the client computer is idle.
    • If you configure an Active Scan to run when new definitions arrive, the scan is delayed for up to 15 minutes if the user is using the client computer.